
Critical Alert: Active Exploitation of Microsoft SharePoint RCE (CVE-2025-53770)
Labs and MDR teams confirm active exploitation of CVE-2025-53770, a critical remote code execution (RCE) vulnerability in on-premises Microsoft SharePoint servers. The flaw enables arbitrary code execution, risking full system compromise. Microsoft has released emergency patches for SharePoint 2019 (KB5002754) and Subscription Edition (KB5002768), with SharePoint 2016 patches pending. Immediate patching and ASP.NET machine key rotation are critical to prevent data decryption or authentication bypass. Attackers are exploiting edge network devices as initial footholds for subsequent attacks, including ransomware. Organizations should prioritize patching, key rotation, and network monitoring for signs of initial access or lateral movement. Although this report originated from a Reddit post, the confirmation by Labs and MDR teams and the critical nature of the vulnerability warrant immediate action. Verification through official Microsoft channels is advised.
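
One way to confirm that the machine key rotation recommended above actually took effect, as an added example that is not part of the original alert or of Microsoft's guidance: it compares the `<machineKey>` element of a web.config copy saved before rotation with the current file. The function names and sample key values are constructed for illustration, and it assumes the keys are stored explicitly in web.config.

```python
import hashlib
import xml.etree.ElementTree as ET

KEY_ATTRS = ("validationKey", "decryptionKey")

def key_fingerprints(web_config_xml):
    """Map each machineKey attribute to a short SHA-256 fingerprint.

    Fingerprints stand in for the keys so reports never carry key material.
    Returns None when the file has no <machineKey> element.
    """
    node = next(ET.fromstring(web_config_xml).iter("machineKey"), None)
    if node is None:
        return None
    prints = {}
    for attr in KEY_ATTRS:
        value = node.get(attr, "").strip()
        if not value or value.lower().startswith("autogenerate"):
            prints[attr] = None  # key is not stored in the file
        else:
            prints[attr] = hashlib.sha256(value.upper().encode()).hexdigest()[:16]
    return prints

def rotation_status(before_xml, after_xml):
    """Compare a pre-rotation copy of web.config with the current one."""
    before, after = key_fingerprints(before_xml), key_fingerprints(after_xml)
    if before is None or after is None:
        return "no-machinekey"
    if any(before[a] is None or after[a] is None for a in KEY_ATTRS):
        return "unverifiable"
    # Any attribute whose fingerprint is unchanged was not rotated.
    stale = [a for a in KEY_ATTRS if before[a] == after[a]]
    return "stale:" + ",".join(stale) if stale else "rotated"

def _config(validation_key, decryption_key):
    # Constructed sample web.config fragment; key values are placeholders.
    return (
        "<configuration><system.web>"
        f'<machineKey validationKey="{validation_key}" decryptionKey="{decryption_key}" '
        'validation="HMACSHA256" decryption="AES" />'
        "</system.web></configuration>"
    )

BEFORE = _config("A1" * 32, "B2" * 16)
AFTER_ROTATED = _config("C3" * 32, "D4" * 16)
AFTER_PARTIAL = _config("C3" * 32, "B2" * 16)

if __name__ == "__main__":
    print(rotation_status(BEFORE, AFTER_ROTATED))
    print(rotation_status(BEFORE, AFTER_PARTIAL))
```

A `stale:` result on any server in the farm means that server still accepts data signed or encrypted with the old key.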